Google GKE Load Balancer firewall need to block ping


Problem description

I need to lock down access to a service running in Google Cloud Kubernetes. What I can do is use "loadBalancerSourceRanges" in the service deployment with a TCP load balancer to restrict the networks that can access the service, say on port 443.

What I don't seem to be able to do is lock down ICMP traffic from the internet hitting the load balancer. This is a security compliance requirement I have.

Google documentation and bug tracker seem to indicate that this is not possible. Am I correct, and what is the best alternative?

Recommended answer

If you go to VPC Network -> Firewall Rules -> Create firewall rule and select the targets as "All instances in the network" and block all ICMP requests you may be able to accomplish this (not tested).
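
An added example, not part of the original answer and not Google tooling: VPC firewall rules apply to instances and are evaluated by priority, so a deny-ICMP rule only decides the traffic if no higher-priority allow rule matches first. The Python below checks that over a rule export in the shape of `gcloud compute firewall-rules list --format=json`; the sample rules are constructed, and a deny rule is counted only when it has no target tags or service accounts, which is assumed to be what "All instances in the network" produces.

```python
import ipaddress

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# Rule names, ranges and priorities are made up for this example.
SAMPLE_RULES = [
    {"name": "default-allow-icmp", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "icmp"}]},
    {"name": "allow-https-office", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "deny-icmp-all", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "icmp"}]},
]

def _matches(rule, src_ip, protocol):
    """True if an enabled ingress rule covers this source IP and protocol."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    # Audit assumption: a deny limited to some targets does not protect every instance.
    if "denied" in rule and (rule.get("targetTags") or rule.get("targetServiceAccounts")):
        return False
    entries = rule.get("allowed", []) + rule.get("denied", [])
    protos = {"icmp" if e["IPProtocol"] == "1" else e["IPProtocol"] for e in entries}
    if not protos & {protocol, "all"}:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(r) for r in rule.get("sourceRanges", []))

def effective_action(rules, src_ip, protocol="icmp"):
    """Return (action, rule_name) for the rule that decides this traffic.

    The lowest priority number wins; at equal priority a deny rule beats an
    allow rule. With no matching rule, ingress falls to the implied deny.
    Ports are not evaluated, since ICMP has none.
    """
    hits = [r for r in rules if _matches(r, src_ip, protocol)]
    if not hits:
        return ("deny", "implied-deny-ingress")
    best = min(hits, key=lambda r: (r.get("priority", 1000), 0 if "denied" in r else 1))
    return ("deny" if "denied" in best else "allow", best["name"])
```
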
